Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
storage vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-34346
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows malicious users to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expans...
Qnap Nvr Storage Expansion Firmware
9.8
CVSSv3
CVE-2021-34345
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows malicious users to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expans...
Qnap Ej1600 Firmware
Qnap Tl-r1620sdc Firmware
Qnap Tl-r1620sep-rp Firmware
Qnap Tl-r1220sep-rp Firmware
Qnap Tl-d1600s Firmware
Qnap Tl-d800s Firmware
Qnap Tl-d400s Firmware
Qnap Tl-r1200s-rp Firmware
Qnap Tl-r400s Firmware
Qnap Tl-r1200c-rp Firmware
Qnap Tl-d800c Firmware
Qnap Tr-004 Firmware
Qnap Tr-002 Firmware
Qnap Tr-004u Firmware
9.8
CVSSv3
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" paramete...
Openssl Openssl
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Storage Encryption -
Netapp E-series Santricity Os Controller
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Session Border Controller 8.4
Oracle Enterprise Communications Broker 3.2.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Peoplesoft Enterprise Peopletools 8.59
1 Github repository
1 Article
9.8
CVSSv3
CVE-2021-38306
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated malicious user to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
Lg N1t1 Firmware -
9.8
CVSSv3
CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. Th...
Nextcloud Nextcloud Server
9.8
CVSSv3
CVE-2021-33221
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Unauthenticated API Endpoints.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-32522
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote malicious users to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in...
Qsan Sanos
Qsan Storage Manager
Qsan Xevo
9.8
CVSSv3
CVE-2021-32512
QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated malicious users to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Qsan Storage Manager
9.8
CVSSv3
CVE-2021-32513
QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated malicious users to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Qsan Storage Manager
9.8
CVSSv3
CVE-2021-32520
Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows malicious users to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
Qsan Storage Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »